In this article, you will learn about blocking direct web traffic of the default application pointed towards the server’s IP address. In other words, if your website (e.g., example.com) is a default application pointing to a server’s IP address (e.g., 159.65.24.XXX) and the direct access is enabled, then your website will be accessible upon entering the server’s IP address in the browser instead of the domain name which can be an insecure way.
A server's default application is the first application deployed on your Cloudways server if that is still running; otherwise, you can set your default application from the server settings.
By default, the direct access of your default web application is disabled according to the default domain settings. It means that your website will not be accessible if the server's IP address is entered instead of the domain name; however, you can follow these steps to verify how your existing servers react in such cases. If direct access is not blocked, you can block it using the Cloudways Platform.
How to Block Direct Web Traffic Pointed Towards Server’s IP
Block Direct Web Traffic — Navigate to Server Settings
Log in to your Cloudways Platform using your email address and password.
From the top menu bar, open Servers.
Then, choose your desired server.
3. Under Server Management, select Settings & Packages.
4. Switch to the Advanced tab.
Block Direct Web Traffic — Disable Application Access
Scroll down to locate Nginx settings and Disable Access Application via IP.
Finally, click Save Changes.
You will see 403 – Forbidden message when you access the default application (HTTP or HTTPS) using the server’s IP address.